Re: sort of OT: Linksys router blocking certain sites

Author: Jason Hayes
To: Main PLUG discussion list
Subject: Re: sort of OT: Linksys router blocking certain sites
On Saturday 01 August 2009 04:53:12 pm Lisa Kachold wrote:
> Also, DO NOT SAVE YOUR router password in your browser protected cache!
>
> CSRF, MITM SSL, XSS exploits and other javascript naughtiness can play
> havoc on your sanity!
>
> Do not do it. Make sure it's a great number of characters.
>
> Also, DO NOT advertise your SSID; USE WEP2 (just using MAC address
> alone will not be enough) and be sure that your router doesn't have a
> lot of blank 00:00:00:00:00:00 entries, because it's trivial to set up
> your MAC address for 6 sets of zeros.



Thanks for the ideas. Have to run out for a few minutes, but will take a look
at your suggestions when I get back.

Jason


>
> On 8/1/09, Lisa Kachold <> wrote:
> > On 8/1/09, Jason Hayes <> wrote:
> >> Not sure why this is happening.
> >>
> >> My Linksys WRT54GS router just suddenly (yesterday a.m.) started blocking a
> >> group of sites that I administer. I was working on one of the sites and it
> >> started getting slower and slower, then finally cut out.
> >
> > Are you possibly locked out at that hosting provider? Ask that they
> > "escalate your ticket" to the highest level you can to rule out system
> > firewall lockouts?
> >
> > How are you accessing these sites? Port 22? VNC? http/https through
> > auth processes?
> >
> >> I know the sites are working because if I plug straight into the modem, I can
> >> access them. (Also family in Canada can access them without any issues.) Also,
> >> the rest of the Internet is still out there - I can access pretty much any
> >> other site.
> >
> > So, you possibly can't get a new Cox IP address but you can request
> > they verify you did not get into one of their traps?
> >
> > Let's look further:
> >
> > 1) Can you traceroute from the command line to the server? If not
> > where does it fail?
> >
> > 2) If you limit icmp, can you netcat trace to that port?
> > http://www.jfranken.de/homepages/johannes/vortraege/netcat.en.html
> >
> > http://www.textfiles.com/hacking/INTERNET/netcat.txt
> >
> > 3) Or nmap the server?
> >
> > # nmap -P0 servername
> >
> >> I've talked with my hosting company and they swear up and down that nothing
> >> has changed and the sites are working as normal.
> >
> > Do you have cookies in place - clear your browser cookies? Try another
> > browser?
> >
> > Netcat, traceroute and nmap will bypass the browser, but just in case...
> >
> > Also did you change your dns server settings in your /etc/resolv.conf?
> > Check to make sure your nslookup is the same.
> >
> > Did you possibly set up a hosts file hack to work on a mock-up of the
> > website and forget it on your own box? Verify /etc/hosts file...
> >
> >> While fighting with this, I've updated the firmware (to the latest version -
> >> V 7.2.06), reset all the settings to factory default, and re-set up my
> >> home network.
> >
> > Are other machines on your network doing the same thing?
> > Have someone come over and fire up their laptop to rule out XSS
> > plugins and other hacks?
> >
> >> Everything is fine except for those few websites. Anyone ever seen anything
> >> like this?
> >> --
> >> Jason Hayes
> >
> > --
> > http://linuxgazette.net/165/kachold.html
> > (623)239-3392
> > (503)754-4452 www.obnosis.com



--
Jason Hayes
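
The local name-resolution checks from the quoted checklist (a forgotten /etc/hosts entry, changed /etc/resolv.conf nameservers), as an added example that is not part of the original messages. The function names are hypothetical, and it goes slightly beyond the thread by matching host aliases and ignoring commented-out entries.

```shell
#!/bin/sh
# Added example: local name-resolution checks from the thread's checklist.
# Function names are hypothetical; nothing here touches the network.

# Print "line-number: address" for every hosts-file entry that pins HOST.
# Comments are stripped and both the canonical name and its aliases are
# matched case-insensitively, since host names are not case-sensitive.
hosts_overrides() {   # usage: hosts_overrides FILE HOST
    awk -v host="$2" '
        BEGIN { host = tolower(host) }
        {
            sub(/#.*/, "")                 # drop comments (re-splits fields)
            for (i = 2; i <= NF; i++)
                if (tolower($i) == host) { print NR ": " $1; break }
        }' "$1"
}

# List the nameserver addresses configured in a resolv.conf-style file.
resolv_nameservers() {   # usage: resolv_nameservers FILE
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Report for one site; exit status 1 means a local override was found.
check_site() {   # usage: check_site HOST [HOSTS_FILE] [RESOLV_FILE]
    host=$1; hosts=${2:-/etc/hosts}; resolv=${3:-/etc/resolv.conf}
    found=$(hosts_overrides "$hosts" "$host")
    echo "nameservers in use: $(resolv_nameservers "$resolv" | tr '\n' ' ')"
    if [ -n "$found" ]; then
        echo "WARNING: $host is pinned in $hosts -> $found"
        return 1
    fi
    echo "OK: no $hosts entry for $host"
}

# Run against the real files only when a host name is given on the command line.
if [ "$#" -gt 0 ]; then check_site "$@"; fi
```

Saved as a script and run with one of the affected site names as its argument, it reads the machine's own /etc/hosts and /etc/resolv.conf; a WARNING line means the browser, traceroute and nmap are all being sent to the pinned address rather than the one DNS returns.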
